Bug 15101

Summary: [PATCH] cdcontrol does not perform bounds checking WRT dev name lengths
Product: Base System Reporter: jedgar <jedgar>
Component: binAssignee: joe <joe>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.3-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description jedgar 1999-11-26 14:50:00 UTC 
cdcontrol fails to perform basic bounds/sanity checking WRT device name
lengths.  Though this does not appear to be exploitable in any way (not
suid, etc), it can cause those annoying core dumps :)

Fix: The following patch performs the necessary bounds checking.  Also, it
might be more proper to use MAXPATHLEN instead of the author's 80
char pathname limit.
How-To-Repeat: 
Using a file/path > 80 characters

% touch <long file/pathname>
% cdcontrol -f <long file/pathname> eject
Segmentation fault (core dumped)
%
Comment 1 joe freebsd_committer freebsd_triage 1999-12-05 20:05:55 UTC 
State Changed
From-To: open->suspended

Committed to -current (1.24). 
Suspended pending MFC.
Comment 2 joe freebsd_committer freebsd_triage 1999-12-05 20:05:55 UTC 
Responsible Changed
From-To: freebsd-bugs->joe

Cos I'm responsible for it now.
Comment 3 joe freebsd_committer freebsd_triage 2000-04-30 21:22:38 UTC 
State Changed
From-To: suspended->closed

Commited to RELENG_3 and RELENG_2_2.